DIY phishing kits widely available on the Net
By Alun Williams
Posted on 19 Aug 2004 at 11:33
DIY phishing kits are being widely made available on the Internet warns the security company Sophos.
'Phishing' is the practice of duping people to reveal sensitive financial information by means of bogus websites and emails, often purporting to come from trusted sources. This development can only increase the incidence of attacks. Indeed, these are already starting to rival spam in terms of the numbers of emails involved - Phishing scams rival virus attacks in email tally
'Until now, phishing attacks have been largely the work of organised criminal gangs,' warned Graham Cluley, senior technology consultant at Sophos. 'The emergence of these "build your own phish" kits, however, mean that any old Tom, Dick or Harry can now mimic bona fide banking websites and convince customers to disclose sensitive information such as passwords, PIN numbers and account details.'
According to Sophos, the DIY kits contain graphics, source code and example text to help construct bogus websites that have the look-and-feel of legitimate online banking sites. Inevitably, there is also a link with spamming - software is included that enables potential fraudsters to pump out phishing emails as bait.
The motive, of course, is financial and eastern European gangs are already specialising in such attacks. Others are likely to try and follow in such fraudulent footsteps. 'There is plenty of profit to be made from Phishing,' said Cluley. 'By putting the necessary tools in the hands of amateurs, it's likely that the number of attacks will continue to rise.'
Certainly the current prevalence of phishing should not be underestimated. Such scams are already estimated to cost banks and other financial institutions as much as $400mn in fraud this year, according to research group Financial Insights. And reported incidences of phishing scams are running at more than a thousand a month, according to the Anti-Phishing Working Group. Such a situation can only worsen if Phishing-kiddies start getting in on the act, too.
You can see examples of phishing scams in this earlier article.
See also:
Cost of Phishing scams estimated at $400mn this year
Phishing scams rival virus attacks in email tally
From around the web
advertisement
- Chrome's shine getting lost in translation
- BytePac: the cardboard hard disk enclosure
- How tech loosens our grip on reality
- Hokum watch: Safer Internet Day
- Why I'm deleting Adobe from my PC
- Prepare to be patronised: it's Safer Internet Day
- Dear Sony, Samsung and every other tech company in the world: stop trying to be Apple
- Will Apple's Final Cut Pro X update placate the pros?
- Smartr Contacts for iPhone review
- Switching to Office 365's Outlook Web App
- Why virtualisation hasn't slowed the growth of data
- How to make Google AdWords work for your business
- The curse of sloppily written software
- Paying for your crimes with Bitcoin
- Behind the scenes: tech support for Formula 1
- The security risk of fat fingers
- Why Windows Phone 7 isn't quite ready for business
- When will Microsoft stop fiddling with Windows 8?
- Flash down the pan?
- Metro Style apps vs desktop applications
advertisement
